search for: pwcopy

https://bugzilla.mindrot.org/show_bug.cgi?id=1377 Summary: getpwuid called twice without pwcopy (percent_expand: NULL replacement) Classification: Unclassified Product: Portable OpenSSH Version: 4.4p1 Platform: ix86 OS/Version: Mac OS X Status: NEW Severity: major Priority: P2 Component: s...

...r name we need to strip */ + { + char *p; + bsduser = xstrdup(user); + if ((p = strchr(user, ':')) != NULL) + *p = '\0'; + } + #endif pw = getpwnam(user); if (!pw || !allowed_user(pw)) do_fake_authloop1(user); *************** *** 482,487 **** --- 500,508 ---- pwcopy.pw_gid = pw->pw_gid; pwcopy.pw_dir = xstrdup(pw->pw_dir); pwcopy.pw_shell = xstrdup(pw->pw_shell); + #if defined(BSD) && BSD >= 199506 + pwcopy.pw_class = xstrdup(pw->pw_class); + #endif pw = &pwcopy; #ifdef USE_PAM *************** *** 508,514 **** (...

...y is completely broken in sshd. The patch: Index: auth.c =================================================================== RCS file: /cvs/openssh_cvs/auth.c,v retrieving revision 1.23 diff -u -p -r1.23 auth.c --- auth.c 2001/02/15 03:08:27 1.23 +++ auth.c 2001/02/28 15:47:23 @@ -182,6 +182,9 @@ pwcopy(struct passwd *pw) #ifdef HAVE_PW_CLASS_IN_PASSWD copy->pw_class = xstrdup(pw->pw_class); #endif +#ifdef HAVE_CYGWIN + copy->pw_gecos = xstrdup(pw->pw_gecos); +#endif copy->pw_dir = xstrdup(pw->pw_dir); copy->pw_shell = xstrdup(pw->pw_shell); return copy; Thanks...

The references to pw_expire and pw_change in pwcopy() in misc.c cause compilation errors at least on solaris. How about doing a memcpy of the whole structure and only explicitly setting those that need xstrdup? That would work on openbsd and everywhere else. - Dave Dykstra --- misc.c.O Thu Jun 21 11:35:28 2001 +++ misc.c Thu Jun 21 11:36:09 2001...

...afterward presented with the usage and the program ends. So, this snippet in OpenSSH-4.2p1, ssh.c: 219 /* Get user data. */ pw = getpwuid(original_real_uid); if (!pw) { logit("You don't exist, go away!"); exit(1); } /* Take a copy of the returned structure. */ pw = pwcopy(pw); should probably be moved after options scanning, for example at ssh: 515, after: /* Check that we got a host name. */ if (!host) usage(); I tested this and nothing seems to be broken by it. I can submit a patch if it is wanted. Cornel

...2006-09-01 22:32:40.000000000 -0700 +++ openssh-4.4p1-fix/ssh.c 2007-10-17 10:23:07.000000000 -0700 @@ -1252,6 +1252,7 @@ #endif /* SMARTCARD */ if ((pw = getpwuid(original_real_uid)) == NULL) fatal("load_public_identity_files: getpwuid failed"); + pw = pwcopy(pw); if (gethostname(thishost, sizeof(thishost)) == -1) fatal("load_public_identity_files: gethostname: %s", strerror(errno)); -- Toby Butzon

Hi, I'm in the position of having to support a fix for a bad interaction between sshd and winbind/Active Directory. It's solved by a small patch against openssh, but it would be nice to have the solution generally available. The problem has previously been described on this list by Andreas Schneider, see: https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-February/037556.html

Hi, Dear OpenSSH support, I'm writing to ask whether this bug is fixed in your openSSH 6.0. If no, do you have any plan? https://bugzilla.redhat.com/show_bug.cgi?id=640857 Regards, Carol

I've implemented a patch to openssh which allows the PAM auth layer to detect if the PAM stack has changed the user name and then adjusts its internal data structures accordingly. (imagine a PAM stack that uses individual credentials to authenticate, but assigns the user to a role account). First, is the openssh community interested in this patch? Second, if there is interest in the patch,

...f ((p = strchr(user, ':')) != NULL) + *p = '\0'; + pw = getpwnam(user); + if (p != NULL) + *p = ':'; + } +#else pw = getpwnam(user); +#endif if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) { authctxt->pw = pwcopy(pw); authctxt->valid = 1; @@ -254,6 +271,10 @@ if (authenticated && authctxt->user && !do_pam_account(authctxt->user, NULL)) authenticated = 0; #endif /* USE_PAM */ +#ifdef HAVE_BSD_AUTH_H + if (authenticated && authctxt->user && !auth_approval(...

Hello. These patches add a new mode of operation for the sftp server. It is located between the ordinary, unrestricted mode and read-only mode. It allows you to add files to the server, but only if these files do not exist on the server before. Changes to existing files - are prohibited. Please review them, maybe these patches will be useful not only to me. Thank you. -------------- next part

...error, but isn't + //this a pointer that should be freed + //before we reassign? + //free(pw->pw_passwd); + pw->pw_passwd=pr_pw->ufld.fd_encrypt; + #endif if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) { authctxt->pw = pwcopy(pw); authctxt->valid = 1; Common subdirectories: openssh-3.1p1.orig/autom4te.cache and openssh-3.1p1/autom4te.cache diff -cr openssh-3.1p1.orig/configure.ac openssh-3.1p1/configure.ac *** openssh-3.1p1.orig/configure.ac Wed Feb 27 06:12:35 2002 --- openssh-3.1p1/configure.ac Fri Mar 22 00:0...

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |enhancement ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi all, attached is a patch that enables using hardware crypto accelerators available through OpenSSL library for SSH operations. Especially in ssh/sshd it can bring a significant speed improvement. OTOH if no crypto engine is available, nothing bad happens and default software crypto routines are used. This patch is used in SUSE Linux OpenSSH package and proved to work (at least it didn't

...has passed. */ if (pw->pw_expire != 0) { struct timeval tv; @@ -1254,6 +1254,7 @@ if (tv.tv_sec >= pw->pw_expire) return 0; } +#endif /* !__FreeBSD__ */ /* We found no reason not to let this user try to log on... */ return 1; } @@ -1268,6 +1269,12 @@ struct passwd *pw, pwcopy; int plen, ulen; char *user; +#ifdef LOGIN_CAP + login_cap_t *lc; + char *hosts; + const char *from_host, *from_ip; + int denied; +#endif /* LOGIN_CAP */ /* Get the name of the user that we wish to log in as. */ packet_read_expect(&plen, SSH_CMSG_USER); @@ -1338,6 +1345,38 @@ pack...

...-0700 @@ -141,6 +141,19 @@ return (old); } +int strcount( char *str, char c ) +{ + int count = 0; + + if( str == NULL ) + return -1; + + while( *str != 0 && *str != ' ' && *str != '\t' ) + if( *(str++) == c ) + count++; + return count; +} + struct passwd * pwcopy(struct passwd *pw) { diff -u -r openssh-3.8p1/misc.h openssh-3.8p1-localbind/misc.h --- openssh-3.8p1/misc.h 2003-08-24 18:16:21.000000000 -0700 +++ openssh-3.8p1-localbind/misc.h 2004-08-05 11:02:08.916639344 -0700 @@ -14,6 +14,7 @@ char *chop(char *); char *strdelim(char **); +int strcount(...

...onger be needed. */ *************** *** 997,1002 **** --- 1002,1008 ---- RSA_free(sensitive_data.host_key); setproctitle("%s", user); + /* Do the authentication. */ do_authentication(user); } *************** *** 1084,1089 **** --- 1090,1099 ---- { struct passwd *pw, pwcopy; + #ifdef _AIX + char *loginmsg; + #endif + #ifdef AFS /* If machine has AFS, set process authentication group. */ if (k_hasafs()) { *************** *** 1092,1097 **** --- 1102,1109 ---- } #endif /* AFS */ + pw = (struct passwd *) malloc (sizeof(struct passwd)); + /* Verif...

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

http://bugzilla.mindrot.org/show_bug.cgi?id=1353 Summary: Bugs intended to be fixed in 4.8 Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Keywords: meta Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the